The distributed denial-of-service (DDoS) attacks on government Web sites of both South Korea and the United States in 2009, and more recently in March this year, could have been a “reconnaissance operation” by a cyber army launched on behalf of North Korea.
This assessment was put forward by Georg Wicherski, a security researcher at McAfee Labs, who wrote in a blog post Wednesday detailing how a botnet based in South Korea launched DDoS attacks against 40 sites affiliated with the local government, military and civilian critical infrastructure on Mar. 4 this year. It also targeted U.S. Forces Korea and the U.S. air force base in Kunsan, South Korea, he noted.
Wicherski went on to link 14 of the sites in the 2011 attack to those targeted in the July 2009 attacks, noting in his post that the modus operandi was “identical [but] unusually destructive” for typical botnet attacks.
News agency Fox News reported in 2009 that the DDoS attacks took down South Korea’s presidential Blue House, the Defense Ministry, Shinhan Bank and Internet portal Naver, as well as American sites such as the National Security Agency, Homeland Security Department, State Department, the Nasdaq stock market and The Washington Post.
Instead of preserving the botnet, in which infected PCs are hijacked and controlled by a master computer, for as long as possible to run other online criminal activities, Wicherski said the people behind the South Korean botnet brought down the infected systems from which the DDoS attacks were launched by “deleting key data files such as source codes, documents and then zeroing out the Master Boot Record to render these computers unbootable”.
The researcher then added that these two attacks had a 95 percent chance of being perpetrated by the same masterminds, who have “very clear anti-Korean and anti-U.S. political motivations”.